# 1Password CLI 1 reference

<Warning>
  **Upgrade to 1Password CLI 2**

  1Password CLI 1 is deprecated as of **October 1, 2024**. Scripts and integrations that use version 1 will no longer work as expected. [Upgrade to 1Password CLI 2](/cli/upgrade/) to maintain uninterrupted access and compatibility with the latest features.
</Warning>

Sign in to an account to get started. Run `op signin --help` to learn
more.

### How to specify objects

You can specify all objects by name or UUID. You can also specify some
objects by other attributes:

* **Items**: item link
* **Login or Password items**: domain name
* **Users**: email address

When you specify an item by name or domain, there may be more than one
item that matches. To be more specific, use the `--vault` option to
only look in one vault at a time, or use a unique ID (UUID) instead.

Looking up an object (such as a Connect server or vault) by ID is more efficient than using the name.

### Cache item and vault information

1Password CLI can use its daemon process to cache items, vault
information, and the keys to access information in an account. To use
the cache, use the `--cache` option with a command. When working with
items, the cache is most effective after it has a list of the items in a
vault.

The daemon stores encrypted information in memory using the same
encryption methods as on 1Password.com. It can read the information to
pass to 1Password CLI but can’t decrypt it. 1Password CLI starts the
daemon automatically and it terminates itself after 24 hours of
inactivity.

### Use alternative character encoding

By default, 1Password CLI processes input and output with UTF-8
encoding. You can use an alternative character encoding with the
`--encoding` option. Supported alternative character encoding types:

* `gbk`
* `shift-jis`

### Commands

<CardGroup cols={2}>
  <div>
    * [add](#add): Grant access to groups or vaults
    * [completion](#completion): Generate shell completion information
    * [confirm](#confirm): Confirm a user
    * [create](#create): Create an object
    * [delete](#delete): Remove an object
    * [edit](#edit): Edit an object
    * [encode](#encode): Encode the JSON needed to create an item
    * [forget](#forget): Remove a 1Password account from this device
    * [get](#get): Get details about an object
  </div>

  <div>
    * [list](#list): List objects and events
    * [manage](#manage): Manage group access to 1Password integrations
    * [reactivate](#reactivate): Reactivate a suspended user
    * [remove](#remove): Revoke access to groups or vaults
    * [signin](#signin): Sign in to a 1Password account
    * [signout](#signout): Sign out of a 1Password account
    * [suspend](#suspend): Suspend a user
    * [update](#update): Check for and download updates
  </div>
</CardGroup>

### Usage

```shell theme={null}
op [command] [options]
```

### Global options

```
--account shorthand   use the account with this shorthand
--cache               store and use cached information
--config directory    use this configuration directory
-h, --help            get help with a command
--session token       authenticate with this session token
```

### Get help

For help with any command, use the `--help` option:

```shell theme={null}
op <command> [subcommand] --help
```

***

## *add*

### Subcommands

* [add connect](#add-connect): Grant access to vaults to 1Password Secrets Automation
* [add group](#add-group): Grant a group access to a vault
* [add user](#add-user): Grant a user access to a vault or group

### Related commands

* [edit](#edit): Edit an object
* [remove](#remove): Revoke access to groups or vaults

## *add connect*

### Subcommands

* [add connect server](#add-connect-server): Grant a Connect server access to a vault

## *add connect server*

Grant a Connect server access to a vault.

```shell theme={null}
op add connect server <server> <vault> [flags]
```

### Related commands

* [create connect token](#create-connect-token): Issue a token for a 1Password Connect server

## *add group*

Grant a group access to a vault.

```shell theme={null}
op add group <group> <vault> [flags]
```

## *add user*

Grant a user access to a vault or group.

```shell theme={null}
op add user <user> [<vault> | <group>] [flags]
```

### Options for add user

```
--role role   set the user's role in a group (member or manager) (default "member")
```

## *completion*

Generate shell completion information for 1Password CLI.

```shell theme={null}
op completion <shell> [flags]
```

### How completion works

If you use Bash or Zsh, you can add shell completion for 1Password CLI.
With completions loaded, after you start typing an
`op` command, press Tab to see available commands and options.

#### Load shell completion information for Bash

To always load the completion information for Bash, add this to your
`.bashrc` file:

```shell theme={null}
source <(op completion bash)
```

To use shell completion in Bash, you’ll need the `bash-completion` package.

#### Load shell completion information for Zsh

To always load the completion information for Zsh, add this to your
`.zshrc` file:

```shell theme={null}
eval "$(op completion zsh)"; compdef _op op
```

## *confirm*

Confirm users.

```shell theme={null}
op confirm [<user> | --all]
```

### Options for confirm

```
--all    confirm all unconfirmed users
```

### Related commands

* [create user](#create-user): Create a user

## *create*

### Subcommands

* [create connect](#create-connect): Create 1Password Connect servers and tokens
* [create document](#create-document): Create a document
* [create group](#create-group): Create a group
* [create integration](#create-integration): Create an integration
* [create item](#create-item): Create an item
* [create user](#create-user): Create a user
* [create vault](#create-vault): Create a vault

## *create connect*

### Subcommands

* [create connect server](#create-connect-server): Set up a 1Password Connect server
* [create connect token](#create-connect-token): Issue a token for a 1Password Connect server

## *create connect server*

Add a 1Password Connect server to your account and generate a credentials file
for it.

```shell theme={null}
op create connect server <name> [flags]
```

### Options for create connect server

```
--vaults vaults   grant the Connect server access to these vaults
```

### How create connect server works

The `1password-credentials.json` file is saved in the current directory.

### Related commands

* [create connect token](#create-connect-token): Issue a token for a 1Password Connect server
* [manage connect add](#manage-connect-add): Grant access to manage Secrets Automation
* [manage connect remove](#manage-connect-remove): Revoke access to manage Secrets Automation

## *create connect token*

Issue a new token for a Connect server.

```shell theme={null}
op create connect token <server> <name> [flags]
```

### Options for create connect token

```
--expires-in duration   set how long the token is valid for
--vault vault           grant access to this vault
```

### How create connect token works

Returns a token.

You can only grant a token access to a vault that the server has access to
and only the permissions the server has for it.

By default, the `--vault` option grants the same permissions as the server.
You can further limit the permissions a token has to read-only or write-only
by adding a comma and `r` or `w` after the vault specification. For example:

```shell theme={null}
op create connect token "Dev" "Dev k8s token" --vault Kubernetes,r
op create connect token "Prod" "Prod: Customer details" --vault Customers,w
```

### Related commands

* [manage connect add](#manage-connect-add): Grant access to manage Secrets Automation
* [manage connect remove](#manage-connect-remove): Revoke access to manage Secrets Automation

## *create document*

Create a document.

```shell theme={null}
op create document <file> [flags]
```

### Options for create document

```
--filename name   set the file's name
--tags tags       add one or more tags (comma-separated) to the item
--title title     set the item's title
--vault vault     save the document in this vault
```

### How create document works

When you create a document, a JSON object containing its UUID is
returned. The document is saved to the Private or Personal vault
unless you specify another with the `--vault` option.

#### Create a file from standard input

To create the file contents from standard input (`stdin`), enter a
hyphen (`-`) instead of a path. You can use the `--filename` option to
change the name of the file.

### Examples for create document

Create a document from standard input:

```shell theme={null}
cat auth.log.* | op create document - --title "Authlogs 2020-06" --filename "auth.log.2020.06"
```

## *create group*

Create a group.

```shell theme={null}
op create group <name> [flags]
```

### Options for create group

```
--description description   set the group's description
```

### How create group works

When you create a group, a JSON object containing its UUID is returned.

## *create integration*

### Subcommands

* [create integration events-api](#create-integration-events-api): Create an Events API integration

## *create integration events-api*

Create an Events API integration token.
Print the Events API integration token when successful.

```shell theme={null}
op create integration events-api <name> [flags]
```

### Options for create integration events-api

```
--expires-in duration   set how long the integration token is valid for
--features features     set the comma-separated list of features the integration token
                        can be used for. Options: `signinattempts`, `itemusages`
```

## *create item*

Create an item.

```shell theme={null}
op create item <category> { --template <file_path> | [<assignment>...] | <encoded_item> } [flags]
```

### Options for create item

```
--generate-password[=recipe]   give the item a randomly generated password
--tags tags                    add one or more tags (comma-separated) to the item
--template string              specify the filepath to read an item template from
--title title                  set the item's title
--url URL                      set the URL associated with the item
--vault vault                  save the item in this vault
```

### How create item works

Create an item using assignment statements or with a 1Password JSON
object template.

When you create an item, a JSON object containing its UUID is returned.
The item is saved to the Private or Personal vault unless you specify
another with the `--vault` option.

#### Create an item with assignment statements

Use an assignment statement to set a field's value:

```
[<section>.]<field>=<value>
```

You can omit spaces when you specify the section or field name. You can
also refer to the field by its JSON short name (`name` or `n`).

```
phonetollfree=012066188656
```

The section is optional unless multiple sections have a field with the
same name.

```
testingserver.address=db.local.1password.com
developmentserver.address=db.dev.1password.com
```

You can't make a new custom section using an
assignment statement.

<Note>
  If you can't trust other users or processes on your system, use `op create item <category> --template=file.json` instead.
</Note>

#### Generate a password

Use the `--generate-password` option to generate and set a random
password for a Login or Password item. By default, it will create a
32-character password made up of letters, numbers, and symbols.

You can customize the password with a password recipe. Specify the
password length and which character types to use in a comma-separated
list. Ingredients are:

* `letters` for uppercase and lowercase letters
* `digits` for numbers
* `symbols` for special characters (`!@.-_*`)
* `1`-`64` for password length

#### Create an item with a template

If you want to create an item with custom sections or fields, use a JSON
object template. Download and edit a template for the category of item
you want to create. Run `op help get template` for a list of template
categories. To create an item using a template:

1. Get a template for the category of item you want to create, and save
   it to a file:

   ```shell theme={null}
   op get template "Login" > login.json
   ```

2. Edit the template to add your information.

3. Create the item from the template file:

   ```shell theme={null}
   op create item --template=login.json Login
   ```

4. When you’re finished, remove the template file.

You can use a tool like [jq](https://stedolan.github.io/jq/) to reformat
JSON to make it easier to read.

If you were using `op encode` previously when creating items,
upgrade to the more secure `create item --template=file.json`.
It skips the need to encode the file.

If you use both a template and assignment statements in the same
command, the assignment statements overwrite the template's values.
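
The four template steps above as one wrapper, as an added example that is not part of the 1Password documentation. It keeps the template in a private temporary directory, removes it even when a step fails, and passes only the file path on `op`'s command line. `OP_BIN` and `op_create_from_template` are names chosen for this example.

```shell
#!/bin/sh
# Added example, not 1Password code. OP_BIN and op_create_from_template
# are names chosen here; only the op subcommands come from this page.

OP_BIN="${OP_BIN:-op}"

# op_create_from_template <category> <edit-command> [args...]
# <edit-command> is run with the template path appended as its last
# argument and must fill in the file in place (an editor, or a script that
# reads the secret from stdin or a prompt rather than from its arguments).
# The function body is a subshell, so umask and traps do not leak out.
op_create_from_template() (
    [ "$#" -ge 2 ] || {
        echo "usage: op_create_from_template <category> <edit-command> [args...]" >&2
        exit 2
    }
    category=$1
    shift

    umask 077                          # new files 0600, new directories 0700
    dir=$(mktemp -d) || exit 1
    trap 'rm -rf "$dir"' EXIT          # step 4, on success and on failure
    trap 'exit 1' HUP INT TERM         # make signals run the EXIT trap too
    tpl=$dir/item.json

    # Step 1: fetch the template. stdin is detached so op cannot consume
    # input that is meant for the edit command.
    "$OP_BIN" get template "$category" </dev/null >"$tpl" || exit 1

    # Step 2: let the caller fill it in.
    "$@" "$tpl" || exit 1
    [ -s "$tpl" ] || { echo "template is empty after editing" >&2; exit 1; }

    # Step 3: only the file path appears in op's argument list.
    "$OP_BIN" create item --template="$tpl" "$category" </dev/null
    rc=$?
    exit "$rc"
)
```

For interactive use, `op_create_from_template Login "${EDITOR:-vi}"` opens the template in an editor before the item is created.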

### Related commands

* [encode](#encode): Encode the JSON needed to create an item
* [get template](#get-template): Get an item template
* [list templates](#list-templates): Get a list of templates

## *create user*

Create a new user.

```shell theme={null}
op create user <email_address> <name> [flags]
```

### Options for create user

```
--language language   set the user's account language (default "en")
```

### Related commands

* [confirm](#confirm): Confirm a user

## *create vault*

Create a new vault.

```shell theme={null}
op create vault <name> [flags]
```

### Options for create vault

```
--allow-admins-to-manage true|false   set whether admins can manage vault access
--description description             set the vault's description
--icon string                         set the vault icon
```

### How create vault works

Valid icon keywords are:

<CardGroup cols={2}>
  <div>
    * airplane
    * application
    * art-supplies
    * bankers-box
    * brown-briefcase
    * brown-gate
    * buildings
    * cabin
    * castle
    * circle-of-dots
    * coffee
  </div>

  <div>
    * color-wheel
    * curtained-window
    * document
    * doughnut
    * fence
    * galaxy
    * gears
    * globe
    * green-backpack
    * green-gem
    * handshake
  </div>

  <div>
    * heart-with-monitor
    * house
    * id-card
    * jet
    * large-ship
    * luggage
    * plant
    * porthole
    * puzzle
    * rainbow
    * record
  </div>

  <div>
    * round-door
    * sandals
    * scales
    * screwdriver
    * shop
    * tall-window
    * treasure-chest
    * vault-door
    * vehicle
    * wallet
    * wrench
  </div>
</CardGroup>

## *delete*

### Subcommands

* [delete connect](#delete-connect): Remove 1Password Connect servers and tokens
* [delete document](#delete-document): Delete or archive a Document
* [delete group](#delete-group): Remove a group
* [delete item](#delete-item): Delete or archive an item
* [delete trash](#delete-trash): Delete trash
* [delete user](#delete-user): Completely remove a user
* [delete vault](#delete-vault): Remove a vault

## *delete connect*

### Subcommands

* [delete connect server](#delete-connect-server): Remove a 1Password Connect server
* [delete connect token](#delete-connect-token): Revoke a token for a Connect server

## *delete connect server*

Remove a 1Password Connect server.

```shell theme={null}
op delete connect server <server> [flags]
```

### How delete connect server works

The credentials file and all the tokens for the server will no longer be valid.

## *delete connect token*

Revoke a token for a Connect server.

```shell theme={null}
op delete connect token <token> [flags]
```

### Options for delete connect token

```
--server string   only look for tokens for this 1Password Connect server
```

### Related commands

* [create connect token](#create-connect-token): Issue a token for a 1Password Connect server

## *delete document*

Permanently delete a document. Use the `--archive` option to move it to
the Archive instead.

```shell theme={null}
op delete document <document> [flags]
```

### Options for delete document

```
--archive       move the document to the Archive
--vault vault   look for the document in this vault
```

### How delete document works

#### Specify items on standard input

The command treats each line of information on standard input (`stdin`) as
an object specifier. Run `op help` to learn more about how to specify
objects.

The input can also be a list or array of JSON objects. The command will
get an item for any object that has a UUID key. This is useful for
passing information from one `op` command to another.

### Examples for delete document

Permanently delete a document:

```shell theme={null}
op delete document "2019 Contracts"
```

Move a document to the Archive:

```shell theme={null}
op delete document "2019 Contracts" --archive
```

## *delete group*

Remove a group.

```shell theme={null}
op delete group <group> [flags]
```

## *delete item*

Permanently delete an item. Use the `--archive` option to move it to
the Archive instead.

```shell theme={null}
op delete item <item> [flags]
```

### Options for delete item

```
--archive       move the item to the Archive
--vault vault   look for the item in this vault
```

### How delete item works

#### Specify items on standard input

The command treats each line of information on standard input (`stdin`) as
an object specifier. Run `op help` to learn more about how to specify
objects.

The input can also be a list or array of JSON objects. The command will
get an item for any object that has a UUID key. This is useful for
passing information from one `op` command to another.

### Examples for delete item

Permanently delete an item:

```shell theme={null}
op delete item "Defunct Login"
```

Move an item to the Archive:

```shell theme={null}
op delete item "Defunct Login" --archive
```

## *delete trash*

You can permanently delete an item with `op delete item <item>`. To move it to the Archive instead, use `op delete item --archive <item>`.

## *delete user*

Remove a user and all their data from the account.

```shell theme={null}
op delete user <user> [flags]
```

## *delete vault*

Remove a vault.

```shell theme={null}
op delete vault <vault> [flags]
```

## *edit*

### Subcommands

<CardGroup cols={2}>
  <div>
    * [edit connect](#edit-connect): Edit 1Password Connect servers and tokens
    * [edit document](#edit-document): Edit a document
    * [edit group](#edit-group): Edit a group's name or description
  </div>

  <div>
    * [edit item](#edit-item): Edit an item's details
    * [edit user](#edit-user): Edit a user's name or Travel Mode status
    * [edit vault](#edit-vault): Edit a vault's metadata
  </div>
</CardGroup>

### Related commands

* [add](#add): Grant access to groups or vaults

## *edit connect*

### Subcommands

* [edit connect server](#edit-connect-server): Rename a Connect server
* [edit connect token](#edit-connect-token): Rename a Connect token

## *edit connect server*

Rename a Connect server.

```shell theme={null}
op edit connect server <server> [flags]
```

### Options for edit connect server

```
--name name   change the server's name
```

### Related commands

* [list connect servers](#list-connect-servers): Get a list of 1Password Connect servers

## *edit connect token*

Rename a Connect token.

```shell theme={null}
op edit connect token <jti> [flags]
```

### Options for edit connect token

```
--name name       change the token's name
--server string   only look for tokens for this 1Password Connect server
```

### Related commands

* [list connect tokens](#list-connect-tokens): Get a list of tokens

## *edit document*

Update a document.

```shell theme={null}
op edit document <document> <file> [flags]
```

### Options for edit document

```
--filename name   set the file's name
--tags tags       add one or more tags (comma-separated) to the item
--title title     set the item's title
--vault vault     look up document in this vault
```

### How edit document works

Replace the file contents of a Document item with the provided file
or with the information on standard input (`stdin`).

#### Update a file from standard input

To update the file contents from standard input (`stdin`), enter a
hyphen (`-`) instead of a path. You can use the `--filename` option to
change the name of the file.

## *edit group*

Change a group's name or description.

```shell theme={null}
op edit group <group> [flags]
```

### Options for edit group

```
--description description   change the group's description
--name name                 change the group's name
```

## *edit item*

Edit an item's details.

```shell theme={null}
op edit item <item> <assignment> [<assignment> ...] [flags]
```

### Options for edit item

```
--generate-password[=recipe]   give the item a randomly generated password
--vault vault                  look for the item in this vault
```

### How edit item works

Use an assignment statement to change a field's value:

```
[<section>.]<field>=<value>
```

You can omit spaces when you specify the section or field name. You can
also refer to the field by its JSON short name (`name` or `n`).

```
issuingcountry=Canada
```

The section is optional unless multiple sections have a field with the
same name.

```
testingserver.address=db.local.1password.com
developmentserver.address=db.dev.1password.com
```

You can't make a new custom section using an assignment statement.

<Warning>
  When providing secrets on the command line, always be wary of
  any other processes that might be monitoring what you’re doing.
</Warning>

#### Generate a password

Use the `--generate-password` option to generate and set a random
password for a Login or Password item. By default, it will create a
32-character password made up of letters, numbers, and symbols.

You can customize the password with a password recipe. Specify the
password length and which character types to use in a comma-separated
list. Ingredients are:

* `letters` for uppercase and lowercase letters
* `digits` for numbers
* `symbols` for special characters (`!@.-_*`)
* `1`-`64` for password length
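
A pre-flight check for the password recipes described here and under *create item*, as an added example that is not 1Password code. It validates the ingredients and estimates the recipe's strength before the recipe is passed to `--generate-password`. `MIN_BITS` and the function names are assumptions, and the estimate assumes each character is drawn uniformly and independently from the selected alphabet, which this page does not state.

```shell
#!/bin/sh
# Added example, not 1Password code. MIN_BITS, recipe_bits and recipe_ok
# are names chosen here. Alphabet sizes: 52 letters, 10 digits, and the
# 6 symbols this reference lists (!@.-_*).

MIN_BITS="${MIN_BITS:-80}"

# recipe_bits <recipe>
# Prints floor(length * log2(alphabet size)) and returns 0. Returns 2 for a
# recipe with an unknown or repeated ingredient, a length outside 1-64, or
# one that leaves the length or the character types implicit (this check
# requires both to be spelled out rather than guessing the CLI's defaults).
recipe_bits() {
    awk -v recipe="$1" 'BEGIN {
        size["letters"] = 52; size["digits"] = 10; size["symbols"] = 6
        n = split(recipe, part, ",")
        if (n == 0) exit 2
        for (i = 1; i <= n; i++) {
            p = part[i]
            if (p in size) {
                if (seen[p]++) exit 2            # ingredient given twice
                alphabet += size[p]
            } else if (p ~ /^[0-9]+$/ && p + 0 >= 1 && p + 0 <= 64) {
                if (len) exit 2                  # length given twice
                len = p + 0
            } else {
                exit 2                           # unknown ingredient
            }
        }
        if (!len || !alphabet) exit 2            # both must be explicit
        printf "%d\n", len * log(alphabet) / log(2)
    }'
}

# recipe_ok <recipe>
# Returns 0 if the recipe is well formed and reaches MIN_BITS, 1 if it is
# well formed but too weak, 2 if it is malformed.
recipe_ok() {
    bits=$(recipe_bits "$1") || return 2
    [ "$bits" -ge "$MIN_BITS" ]
}

# Typical use in a wrapper script (item and recipe supplied by the caller):
#   recipe_ok "$recipe" && op edit item "$item" --generate-password="$recipe"
```

A recipe such as `digits,6` is accepted by the syntax but comes out at about 19 bits, which is the case a check like this is meant to stop.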

## *edit user*

Change a user's name or Travel Mode status.

```shell theme={null}
op edit user <user> [flags]
```

### Options for edit user

```
--name name           set the user's name
--travelmode on|off   turn Travel Mode on or off for the user
```

## *edit vault*

Edit the name, icon, and description of a vault.

```shell theme={null}
op edit vault <vault> [flags]
```

### Options for edit vault

```
--description description   change the vault's description
--icon icon                 change the vault's icon
--name name                 change the vault's name
```

### How edit vault works

Valid icon keywords are:

<CardGroup cols={2}>
  <div>
    * airplane
    * application
    * art-supplies
    * bankers-box
    * brown-briefcase
    * brown-gate
    * buildings
    * cabin
    * castle
    * circle-of-dots
    * coffee
  </div>

  <div>
    * color-wheel
    * curtained-window
    * document
    * doughnut
    * fence
    * galaxy
    * gears
    * globe
    * green-backpack
    * green-gem
    * handshake
  </div>

  <div>
    * heart-with-monitor
    * house
    * id-card
    * jet
    * large-ship
    * luggage
    * plant
    * porthole
    * puzzle
    * rainbow
    * record
  </div>

  <div>
    * round-door
    * sandals
    * scales
    * screwdriver
    * shop
    * tall-window
    * treasure-chest
    * vault-door
    * vehicle
    * wallet
    * wrench
  </div>
</CardGroup>

### Related commands

* [list vaults](#list-vaults): Get a list of vaults
* [get vault](#get-vault): Get details about a vault

## *encode*

<Warning>
  This command has been deprecated.
  Use the more secure `--template` flag with `create item` instead.
  It skips the need to encode the file.
</Warning>

```shell theme={null}
op encode [flags]
```

### How encode works

Encode the JSON needed to create an item with `base64url`
encoding. Accepts input from standard input (`stdin`).

### Examples for encode

Encode a basic item template:

```shell theme={null}
op get template login | op encode
```

Save the encoded contents of a file to another file:

```shell theme={null}
cat my-new-login.json | op encode > my-new-login.encoded-json
```

### Related commands

* [get template](#get-template): Get an item template
* [create item](#create-item): Create an item
* [edit item](#edit-item): Edit an item's details

## *forget*

Remove the details for a 1Password account from this device.

```shell theme={null}
op forget <account> [flags]
```

## *get*

### Subcommands

<CardGroup cols={2}>
  <div>
    * [get account](#get-account): Get details about your account
    * [get document](#get-document): Download a document
    * [get group](#get-group): Get details about a group
    * [get item](#get-item): Get item details
  </div>

  <div>
    * [get template](#get-template): Get an item template
    * [get totp](#get-totp): Get the one-time password for an item
    * [get user](#get-user): Get details about a user
    * [get vault](#get-vault): Get details about a vault
  </div>
</CardGroup>

## *get account*

Get details about your account.

```shell theme={null}
op get account [flags]
```

## *get document*

Download a document and print the contents to standard output (`stdout`).

```shell theme={null}
op get document <document> [flags]
```

### Options for get document

```
--include-archive   include items in the Archive
--output path       save the document to the file path instead of `stdout`
--vault vault       look for the document in this vault
```

### How get document works

#### Save to a file

Use the `--output` option to have `op` save the document. This may
be useful in some shells to preserve the file's original
encoding.

The `--output` option won't overwrite an existing file. The
destination path must be an empty file or not exist.

### Examples for get document

Save a document to a file called `secret-plans.text`:

```shell theme={null}
op get document "Top Secret Plan B" --output secret-plans.text
```

## *get group*

Get details about a group.

```shell theme={null}
op get group <group> [flags]
```

### How get group works

#### Use standard input to specify objects

If you enter a hyphen (`-`) instead of a single object for this command,
1Password CLI will read object specifiers from standard input (`stdin`).
Separate each specifier with a new line. For more information about how
to specify objects, run `op help`.

You can also pass the command a list or array of JSON objects. 1Password CLI
will get an item for any object that has a UUID key, ignoring line
breaks. This is useful for passing information from one `op` command
to another.

### Examples for get group

Get details for all groups:

```shell theme={null}
op list groups | op get group -
```

Get details for the groups that have access to a vault:

```shell theme={null}
op list groups --vault "Production keys" | op get group -
```

## *get item*

Return details about an item.

```shell theme={null}
op get item <item> [flags]
```

### Options for get item

```
--fields fields     only return data from these fields
--format format     return data in this format (CSV or JSON) (use with --fields)
--include-archive   include items in the Archive
--share-link        get a shareable link for the item
--vault vault       look for the item in this vault
```

### How get item works

By default, `get item` returns a complete 1Password JSON object.

#### Customize returned data

To only get details from specific fields, use the `--fields` option.

Specify fields in a comma-separated list. You can omit spaces when you
specify the section or field name. You can also refer to the field by
its JSON short name (`name` or `n`).

When you specify one field, its data is returned as a simple string.
If you specify more than one field, the data is returned in a simple
key-value pair JSON object. If a field doesn't exist, an empty value
is returned.

Use the `--format` option to change the output format to JSON or CSV.

#### Specify items on standard input

The command treats each line of information on standard input (`stdin`) as
an object specifier. Run `op help` to learn more about how to specify
objects.

The input can also be a list or array of JSON objects. The command will
get an item for any object that has a UUID key. This is useful for
passing information from one `op` command to another.

#### Items in the Archive

Items in the Archive are ignored by default. To get details for an
item in the Archive, specify the item by UUID or use the
`--include-archive` option.

### Examples for get item

Get details for all items with a specified tag:

```shell theme={null}
op list items --tags documentation | op get item -
```

Get a CSV list of the website, username, and password for all logins in a vault:

```shell theme={null}
op list items --categories Login --vault Staging | op get item - --fields website,username,password --format CSV
```

## *get template*

Return a template for an item type.

```shell theme={null}
op get template <category> [flags]
```

### How get template works

You can create a new item with a template.
Run `op create item --help` for more information.

Categories are:

<CardGroup cols={2}>
  <div>
    * API Credential
    * Bank Account
    * Credit Card
    * Database
    * Document
    * Driver License
    * Email Account
    * Identity
    * Login
    * Medical Record
  </div>

  <div>
    * Membership
    * Outdoor License
    * Passport
    * Password
    * Reward Program
    * Secure Note
    * Server
    * Social Security Number
    * Software License
    * Wireless Router
  </div>
</CardGroup>

### Related commands

* [encode](#encode): Encode the JSON needed to create an item
* [create item](#create-item): Create an item

## *get totp*

Get an item's current time-based one-time password.

```shell theme={null}
op get totp <item> [flags]
```

### Options for get totp

```
--vault vault   look for the item in this vault
```

### How get totp works

#### Items in the Archive

Items in the Archive are ignored by default. To get the TOTP for an
item in the Archive, specify the item by UUID.

## *get user*

Get details about a user.

```shell theme={null}
op get user <user> [flags]
```

### Options for get user

```
--fingerprint   get the user's public key fingerprint
--publickey     get the user's public key
```

### How get user works

#### Use standard input to specify objects

If you enter a hyphen (`-`) instead of a single object for this command,
1Password CLI will read object specifiers from standard input (`stdin`).
Separate each specifier with a new line. For more information about how
to specify objects, run `op help`.

You can also pass the command a list or array of JSON objects. 1Password CLI
will get an item for any object that has a UUID key, ignoring line
breaks. This is useful for passing information from one `op` command
to another.

### Examples for get user

Get details for all users:

```shell theme={null}
op list users | op get user -
```

Get the public key for all users in a group:

```shell theme={null}
op list users --group "Frontend Developers" | op get user - --publickey
```

Get details for all users who have access to a vault:

```shell theme={null}
op list users --vault Staging | op get user -
```

## *get vault*

Get details about a vault.

```shell theme={null}
op get vault <vault> [flags]
```

### How get vault works

#### Use standard input to specify objects

If you enter a hyphen (`-`) instead of a single object for this command,
1Password CLI will read object specifiers from standard input (`stdin`).
Separate each specifier with a new line. For more information about how
to specify objects, run `op help`.

You can also pass the command a list or array of JSON objects. 1Password CLI
will get an item for any object that has a UUID key, ignoring line
breaks. This is useful for passing information from one `op` command
to another.

### Examples for get vault

Get details for all vaults:

```shell theme={null}
op list vaults | op get vault -
```

Get details for the vaults that a group has access to:

```shell theme={null}
op list vaults --group security | op get vault -
```

### Related commands

* [list vaults](#list-vaults): Get a list of vaults
* [edit vault](#edit-vault): Edit a vault's metadata

## *list*

### Subcommands

<CardGroup cols={2}>
  <div>
    * [list connect](#list-connect): List 1Password Connect servers and tokens
    * [list documents](#list-documents): Get a list of documents
    * [list events](#list-events): Get a list of events from the Activity Log
    * [list groups](#list-groups): Get a list of groups
  </div>

  <div>
    * [list items](#list-items): Get a list of items
    * [list templates](#list-templates): Get a list of templates
    * [list users](#list-users): Get the list of users
    * [list vaults](#list-vaults): Get a list of vaults
  </div>
</CardGroup>

## *list connect*

### Subcommands

* [list connect servers](#list-connect-servers): Get a list of 1Password Connect servers
* [list connect tokens](#list-connect-tokens): Get a list of tokens

## *list connect servers*

List 1Password Connect servers.

```shell theme={null}
op list connect servers [flags]
```

### Related commands

* [create connect token](#create-connect-token): Issue a token for a 1Password Connect server
* [edit connect server](#edit-connect-server): Rename a Connect server

## *list connect tokens*

List tokens for Connect servers.

```shell theme={null}
op list connect tokens [flags]
```

### Options for list connect tokens

```
--server server   only list tokens for this Connect server
```

### How list connect tokens works

Returns active (`A`) and revoked (`R`) tokens.

The `integrationUuid` is the UUID for the Connect server the token belongs to.

### Related commands

* [edit connect token](#edit-connect-token): Rename a Connect token

## *list documents*

List documents.

```shell theme={null}
op list documents [flags]
```

### Options for list documents

```
--include-archive   include items in the Archive
--vault vault       only list documents in this vault
```

### How list documents works

Returns a list of all documents the account has read access to
by default. Excludes items in the Archive by default.

## *list events*

List events from the Activity Log.

```shell theme={null}
op list events [flags]
```

### Options for list events

```
--eventid eid   start listing from event with ID eid
--older         list events from before the specified event
```

### How list events works

Returns the 100 most recent events by default.

The Activity Log is only available for 1Password Business accounts.

### Examples for list events

List events after a specific log entry:

```shell theme={null}
op list events --eventid 319458129
```

List events before a specific log entry:

```shell theme={null}
op list events --older --eventid 319179570
```
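An added example (not from the 1Password documentation) that walks back through the Activity Log one page at a time with `--older` and `--eventid`, for instance to export events for review. It assumes each event in the JSON output carries a numeric `eid` field; the function names `oldest_eid` and `fetch_events` are hypothetical.

```shell
# Added example, not part of the 1Password documentation.
# Assumption: every event object in the JSON output has a numeric "eid" field.

# Read one JSON page on stdin and print the smallest event ID in it
# (prints nothing when the page holds no events).
oldest_eid() {
  grep -o '"eid"[[:space:]]*:[[:space:]]*[0-9][0-9]*' |
    grep -o '[0-9][0-9]*$' | sort -n | head -n 1
}

# fetch_events MAX_PAGES [START_EID]
# Prints up to MAX_PAGES pages, newest first, one JSON page per line.
# Each page holds at most the 100 events that `op list events` returns.
fetch_events() {
  max_pages=$1
  cursor=${2:-}
  while [ "$max_pages" -gt 0 ]; do
    if [ -n "$cursor" ]; then
      page=$(op list events --older --eventid "$cursor") || return 1
    else
      page=$(op list events) || return 1
    fi
    next=$(printf '%s\n' "$page" | oldest_eid)
    # Stop on an empty page, or when the cursor no longer moves back
    # (this also covers a page that only repeats the cursor event).
    if [ -z "$next" ] || [ "$next" = "$cursor" ]; then
      break
    fi
    printf '%s\n' "$page" | tr -d '\n'
    printf '\n'
    cursor=$next
    max_pages=$((max_pages - 1))
  done
}

# Usage: fetch_events 10 > activity-log.jsonl
```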

## *list groups*

List groups.

```shell theme={null}
op list groups [flags]
```

### Options for list groups

```
--user user     list groups that a user belongs to
--vault vault   list groups that have direct access to a vault
```

### How list groups works

Returns all groups in an account by default.

### Examples for list groups

Get details for all groups:

```shell theme={null}
op list groups | op get group -
```

Get details for the groups that have access to a vault:

```shell theme={null}
op list groups --vault Staging | op get group -
```

Get details for the groups that a person belongs to:

```shell theme={null}
op list groups --user wendy_appleseed@1password.com | op get group -
```

## *list items*

List items.

```shell theme={null}
op list items [flags]
```

### Options for list items

```
--categories categories   only list items in these categories (comma-separated)
--include-archive         include items in the Archive
--tags tags               only list items with these tags (comma-separated)
--vault vault             only list items in this vault
```

### How list items works

Returns a list of all items the account has read access to by default.
Excludes items in the Archive by default.

Categories are:

<CardGroup cols={2}>
  <div>
    * API Credential
    * Bank Account
    * Credit Card
    * Database
    * Document
    * Driver License
    * Email Account
    * Identity
    * Login
    * Medical Record
  </div>

  <div>
    * Membership
    * Outdoor License
    * Passport
    * Password
    * Reward Program
    * Secure Note
    * Server
    * Social Security Number
    * Software License
    * Wireless Router
  </div>
</CardGroup>

### Examples for list items

Get details for all items with a specified tag:

```shell theme={null}
op list items --tags documentation | op get item -
```

Get a CSV list of the `website`, `username`, and `password` for all logins in a vault:

```shell theme={null}
op list items --categories Login --vault Staging | op get item - --fields website,username,password --format CSV
```

## *list templates*

List available item type templates.

```shell theme={null}
op list templates [flags]
```

### How list templates works

Use `op get template` to get a template to use to create a new item.

### Related commands

* [create item](#create-item): Create an item
* [get template](#get-template): Get an item template

## *list users*

List users.

```shell theme={null}
op list users [flags]
```

### Options for list users

```
--group group   list users who belong to a group
--vault vault   list users who have direct access to vault
```

### How list users works

Returns all users in an account by default.

When you use the `--group` option, the output includes the user's role
in the group.

### Examples for list users

Get details for all users:

```shell theme={null}
op list users | op get user -
```

Get the public key for all users in a group:

```shell theme={null}
op list users --group "Frontend Developers" | op get user - --publickey
```

Get details for all users who have access to a vault:

```shell theme={null}
op list users --vault Staging | op get user -
```

## *list vaults*

List vaults.

```shell theme={null}
op list vaults [flags]
```

### Options for list vaults

```
--group group   list vaults a group has access to
--user user     list vaults a user has access to
```

### How list vaults works

Returns all vaults the account has access to by default.

### Examples for list vaults

Get details for all vaults:

```shell theme={null}
op list vaults | op get vault -
```

Get details for vaults that a group has access to:

```shell theme={null}
op list vaults --group Security | op get vault -
```

Get details for vaults that a user has access to:

```shell theme={null}
op list vaults --user wendy_appleseed@1password.com | op get vault -
```

### Related commands

* [get vault](#get-vault): Get details about a vault
* [edit vault](#edit-vault): Edit a vault's metadata

## *manage*

### Subcommands

* [manage connect](#manage-connect): Manage group access to 1Password Secrets Automation

## *manage connect*

### Subcommands

* [manage connect add](#manage-connect-add): Grant access to manage Secrets Automation
* [manage connect remove](#manage-connect-remove): Revoke access to manage Secrets Automation

## *manage connect add*

Grant a group access to manage Secrets Automation.

```shell theme={null}
op manage connect add <group> <server> [flags]
```

### How manage connect add works

If you don't specify a server, it adds the group to the list of Secrets
Automation managers.

## *manage connect remove*

Revoke a group's access to manage Secrets Automation.

```shell theme={null}
op manage connect remove <group> <server> [flags]
```

## *reactivate*

Reactivate a suspended user.

```shell theme={null}
op reactivate <user> [flags]
```

### Related commands

* [suspend](#suspend): Suspend a user

## *remove*

### Subcommands

* [remove connect](#remove-connect): Remove access to vaults from 1Password Connect servers
* [remove group](#remove-group): Revoke a group's access to a vault
* [remove user](#remove-user): Revoke a user's access to a vault or group

### Related commands

* [add](#add): Grant access to groups or vaults

## *remove connect*

### Subcommands

* [remove connect server](#remove-connect-server): Revoke a Connect server's access to a vault

## *remove connect server*

Revoke access to a vault from a Connect server.

```shell theme={null}
op remove connect server <server> <vault> [flags]
```

## *remove group*

Revoke a group's access to a vault.

```shell theme={null}
op remove group <group> <vault> [flags]
```

## *remove user*

Revoke a user's access to a vault or group.

```shell theme={null}
op remove user <user> [<vault> | <group>] [flags]
```

## *signin*

Sign in to a 1Password account and return a session token.

```shell theme={null}
op signin [<sign_in_address> [<email_address> [<secret_key>]]] [flags]
```

### Options for signin

```
-l, --list             list accounts set up on this device
-r, --raw              only return the session token
    --shorthand name   set the short account name
```

### How signin works

#### Sign in to an account

To sign in to an account the first time, use your sign-in address and
email address:

```shell theme={null}
op signin example.1password.com wendy_appleseed@1password.com
```

After you sign in the first time, you can sign in again using only the
shorthand for the account:

```shell theme={null}
op signin example
```

#### Use session tokens

1Password CLI uses a session token to authenticate commands with
1Password.com. Sessions expire after 30 minutes of inactivity. You can
save the session token in an environment variable for 1Password CLI to use
automatically or provide a token with each command using the `--session`
option.

To use the environment variable, run the `export` command that 1Password CLI
provides after you sign in. When you run a command, 1Password CLI uses it
automatically.

To provide a session token each time you run a command, sign in using
the `--raw` option to get a token. Then use the `--session` option with
each command.

#### Reuse a session token

You can use the `--session` option with the `signin` command to reuse an
active token or to test whether a session has expired. This may be
useful when writing scripts that use 1Password CLI. If the
session is active, 1Password CLI will use it and return the same token. If
the session is expired, you’ll have to sign in again.

#### Work with multiple accounts

You can sign in to more than one account at a time. If you store the
session token in an environment variable, 1Password CLI will use the account
you most recently signed in to by default. Use the `--account` option to
specify a different account. By default, the shorthand is your account’s
subdomain. You can change it the first time you sign in by using the
`--shorthand` option, or in the configuration file. Hyphens (`-`) are
converted to underscores (`_`) for system compatibility.

### Examples for signin

Sign in and set the environment variable in one step:

```shell theme={null}
eval $(op signin example)
```
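For scripts, the session handling described under "Use session tokens" and "Reuse a session token" can be wrapped in one function, shown here as an added example that is not part of the 1Password documentation. The function name `op_session` and the shorthand `example` are placeholders, and the script assumes that `op signin --session` fails rather than waits when an expired token is checked with no input available.

```shell
# Added example, not part of the 1Password documentation.
# op_session SHORTHAND [CACHED_TOKEN]
# Prints a usable session token for the account SHORTHAND on stdout.
# A CACHED_TOKEN that is still active is reused; otherwise a new sign-in runs.
op_session() {
  shorthand=$1
  cached=${2:-}

  if [ -n "$cached" ]; then
    # With --session, signin returns the same token while the session is
    # active. stdin comes from /dev/null so that an expired session fails
    # here instead of waiting for input (assumed behavior).
    token=$(op signin "$shorthand" --raw --session "$cached" \
      </dev/null 2>/dev/null) || token=
    if [ "$token" = "$cached" ]; then
      printf '%s\n' "$token"
      return 0
    fi
  fi

  # No token yet, or the session expired after 30 minutes of inactivity:
  # sign in again and return only the token.
  op signin "$shorthand" --raw
}

# Usage in a script. OP_SESSION_example is the variable name set by the
# export line that `op signin example` prints.
#   OP_SESSION_example=$(op_session example "${OP_SESSION_example:-}") || exit 1
#   export OP_SESSION_example
#   op list vaults
```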

### Related commands

* [signout](#signout): Sign out of a 1Password account

## *signout*

Sign out of a 1Password account.

```shell theme={null}
op signout [flags]
```

### Options for signout

```
--forget   remove the details for a 1Password account from this device
```

### How signout works

Signs out of the most recently used account by default.

### Related commands

* [signin](#signin): Sign in to a 1Password account

## *suspend*

Suspend a user.

```shell theme={null}
op suspend <user> [flags]
```

### Options for suspend

```
--deauthorize-devices seconds[=0]   deauthorize the user's devices after a time in seconds
```

### Related commands

* [reactivate](#reactivate): Reactivate a suspended user

## *update*

Check for updates to `op`. Downloads an updated version, if available.

```shell theme={null}
op update [flags]
```

### Options for update

```
--directory path   download the update to this path
```
